Yedidyah Bar David has uploaded a new change for review. Change subject: packaging: setup: Do not log passwords ......................................................................
packaging: setup: Do not log passwords Most of the code already refrains from logging passwords. This change also makes upgrade from legacy 3.2 code not log the db password and also makes otopi not log db password and admin password in dumpEnvironment even if set from an answer file etc. Depends on http://gerrit.ovirt.org/19776 . Bug-Url: https://bugzilla.redhat.com/1014115 Change-Id: I81c7371eaf930b3cc21861deb620c61891ad4d1f Signed-off-by: Yedidyah Bar David <[email protected]> --- M ovirt-engine.spec.in M packaging/setup/plugins/ovirt-engine-common/db/connection.py M packaging/setup/plugins/ovirt-engine-setup/config/options.py M packaging/setup/plugins/ovirt-engine-setup/legacy/database.py 4 files changed, 27 insertions(+), 1 deletion(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/38/19938/1 diff --git a/ovirt-engine.spec.in b/ovirt-engine.spec.in index 2a2cd96..2c3fa52 100644 --- a/ovirt-engine.spec.in +++ b/ovirt-engine.spec.in @@ -325,7 +325,7 @@ Requires: logrotate Requires: m2crypto Requires: nfs-utils -Requires: otopi >= 1.1.1-1 +Requires: otopi >= 1.1.2-1 Requires: policycoreutils-python Requires: python-psycopg2 Requires: yum diff --git a/packaging/setup/plugins/ovirt-engine-common/db/connection.py b/packaging/setup/plugins/ovirt-engine-common/db/connection.py index ce9800f..342ef5a 100644 --- a/packaging/setup/plugins/ovirt-engine-common/db/connection.py +++ b/packaging/setup/plugins/ovirt-engine-common/db/connection.py @@ -43,6 +43,16 @@ super(Plugin, self).__init__(context=context) @plugin.event( + stage=plugin.Stages.STAGE_BOOT, + ) + def _boot(self): + self.environment[ + otopicons.BaseEnv.SUPPRESS_ENVIRONMENT_KEYS + ].append( + osetupcons.DBEnv.PASSWORD + ) + + @plugin.event( stage=plugin.Stages.STAGE_INIT, ) def _init(self): diff --git a/packaging/setup/plugins/ovirt-engine-setup/config/options.py b/packaging/setup/plugins/ovirt-engine-setup/config/options.py index 2c1d128..ab0f1c5 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/config/options.py +++ b/packaging/setup/plugins/ovirt-engine-setup/config/options.py @@ -41,6 +41,16 @@ super(Plugin, self).__init__(context=context) @plugin.event( + stage=plugin.Stages.STAGE_BOOT, + ) + def _boot(self): + self.environment[ + otopicons.BaseEnv.SUPPRESS_ENVIRONMENT_KEYS + ].append( + osetupcons.ConfigEnv.ADMIN_PASSWORD + ) + + @plugin.event( stage=plugin.Stages.STAGE_INIT, ) def _init(self): diff --git a/packaging/setup/plugins/ovirt-engine-setup/legacy/database.py b/packaging/setup/plugins/ovirt-engine-setup/legacy/database.py index 201d7a4..97ddb57 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/legacy/database.py +++ b/packaging/setup/plugins/ovirt-engine-setup/legacy/database.py @@ -24,6 +24,7 @@ _ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup') +from otopi import constants as otopicons from otopi import util from otopi import plugin @@ -76,6 +77,11 @@ osetupcons.DBEnv.PASSWORD: d[4], osetupcons.DBEnv.NEW_DATABASE: False, }) + self.environment[ + otopicons.CoreEnv.LOG_FILTER + ].append( + self.environment[osetupcons.DBEnv.PASSWORD] + ) dbovirtutils = database.OvirtUtils(plugin=self) dbovirtutils.tryDatabaseConnect() if dbovirtutils.isNewDatabase(): -- To view, visit http://gerrit.ovirt.org/19938 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I81c7371eaf930b3cc21861deb620c61891ad4d1f Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.3 Gerrit-Owner: Yedidyah Bar David <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
